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1 Claims 
2 

3 LA method, including the steps of / 

4 maintaining a set of access control patterns in at least one associative mem- 

5 ory; / 

6 receiving a packet label responsive to a packet, said packet label being suf- 

7 ficient to perform access control processing for said packet; 

8 matching matchable iirfonpation, said matchable information being respon- 
N= 9 ' sive to said packet label, with said set Li access control patterns in parallel, and generat- 
" 10 ing a set of matches in response thereto, each said match having priority information as- 

Lj 11 sociated therewith; ' / 

* / 

pj 12 selecting at least one of said matches in response, to said priority informa- 

a / 

F/i 13 tion, and generating an access result in response to said at least one selected match; and 

CI! / 

J[ 14 -making a routing decision in Response to said access result. 

f l i / 

PJ 15 . . / 

16 2, A method as in clmm 1, including the step of performing at least two 

17 of said steps of receiving, matching, Selecting, and making a routing decision, in parallel 

18 using a pipeline technique. / 

19 / 

20 3. A method yas in claim 1, wherein said access control patterns each 

21 include a bit pattern for matching and a mask pattern of bits not for matching. 

22 
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1 4. A method as in claim 1, wherein said access control patterns each 

2 include a set of ternary elements, each representative of a/logical "0," logical "1", or 

3 "don't care" value. 



5 5. A method as in claim 1, wherein said associative memory includes a 

6 hardware content-associative memory having a plurality of rows, each row including one 

7 of said access control patterns and one^fpaiti access/results. 
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A method as in claim 1, wherein said associative memory includes a 



-ho hardware content-associative memory having a plurality of rows, 

y ? r= / 7 r 



P<H2 and 



each row inqluflifig a Wit pattern/for matching and one of said access results, 



each row being associated w/th a pattern of bits not for matching, said set of 
1**14 patterns of bits not for matching being fewer than a number of said rows. 



A method as in claim 1, wherein said associative memory includes a 



17 ternary content-associative memor 



8. A method/as in claim 1, wherein said packet label includes a source 
IP address or subnet, a destination IP address or subnet, a source port, a destination port, a 
protocol specifier, or an input interface. 
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^ 9. A method as in claim 1, wherein said prioritV information for each 

2 said access control pattern is responsive to a position of said ac/ess control pattern in a 

3 memory. 



5 
6 



10. A method as in claim 1, wherein said/priority information includes a 
position hi said associative memory, and said step "of sheeting includes choosing a first 
one of said matches. 
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11. A method 
committed access rate de^ion 

12. 




1, wherein said routing decision includes a 



claim /, wherein said routing decision includes an 



^3 administrative policy decision regarding treatment of said packet. 

D 

Has 



13. A method as in /laim 1, wherein said routing decision includes de- 



16 termining an output interface for saja packet. 

17 

18 14. A method^s in claim 1, wherein said routing decision includes im- 

19 plementing a quality of service policy. 

20 

21 15. A r/ethod as in claim 1, wherein said routing decision includes per- 

22 mitting or denying accfess for said packet. 
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16. A method as in claim 1, wherein said step of ^bnerating said access 
result is responsive to a plurality of said at least one matches. 
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17. A method as in claim 1, wherein said step of matching is performed 
in order of constant time, whereby said step of matching is/performied in time not respon- 
sive to a number of said access control oa^et^is. 



18. A me 



ho are performed at a rate e: 




1, wherein said steps of matching and selecting 
gapacket ner second. 



19. A method as in claim U including the step of making a preliminary 
routing decision for said packet, wherein ^4id packet routing information includes a result 
of said preliminary routing decision. 

20. A method asm claim 19, wherein said preliminary routing decision 
includes determining at least onf output interface for said packet. 



18 

19 21. A method as in claim 19, wherein said packet routing information 

20 includes an output interface for said packet. 
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22. A method as in claim 1, including the stej/of preprocessing said 
packet label to generate said matchable information. 



5 the steps of 



label; and 



23. A method as in claim 22, wherein said /tep of preprocessing includes 



performing an arithmetic, logical, or con/parison operation on said packet 
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generating a biTstring for] said mailable information in response to said 
arithmetic, logical, or comparison operation. 

24. A method^as fa claim 22, wherein said step of preprocessing includes 
the step of comparing alTeld of said packe/label with an arithmetic range or mask value. 

-25 . A method as in c/aim 22, wherein said step of preprocessing includes 
the step of comparing a source IP p,6rt value or a destination IP port value with a selected 
port value. 



claim 1, including the step of postprocessing said 



17 

18 26. A method as in 

19 selected match to generate^said access result. 

20 

21 27. A method as in claim 26, wherein said step of postprocessing m- 

22 eludes accessing a/memory in response to a bitstring included in said selected match. 
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28. A method as in claim 1 , wherein said set of ac/ess control patterns is 
responsive to a sequence of access control specifiers, each one o/said sequence of access 
control specifiers declaring whether to permit or deny access faf a set of packets. 

29. A method as in claim 28, wherein sa^d step of maintaining includes 

the steps of 

receiving said sequence ofifaccess control specifiers; 

translating safid sequen/e/of access control specifiers into said sequence of 

access control patterns; anc 

storing said sequence of access control patterns in said associative memory. 

30. A method as in claim/29, wherein said step of translating includes 
the step of-generating a plurality of said/ccess control patterns in response to one of said 
access control specifiers. 

31. A method a/in claim 29, wherein said step of translating includes, 
the step of generating a single ohe of said access control patterns in response to a plurality 
of said access control specifiers. 
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